HackDig : Dig high-quality web security articles for hacker

Google yesterday released an update for the Chrome browser that patches seven vulnerabilities and also updates Adobe Flash Player. It also announced that Google Safe Browsing has been extended to Chrome for Android.The Chrome browser update is the second in less than a week; on Dec 1, Chrome 47 was released and 41 vulnerabilities were patched. Yesterday

An unusual DDoS amplification attack was carried out 10 days ago against many of the Internet’s 13 root name servers, the authoritative servers used to resolve IP addresses.The attacks happened on Nov. 30 and again on Dec. 1, and each time, massive volumes of traffic, peaking at five million queries per second, were fired at the servers. A note from th

Adobe may indeed be thinking about phasing out Flash Player, and updates like today’s monster security bulletin will only serve to fuel that movement going forward.Released just an hour before Microsoft’s scheduled Patch Tuesday release, Adobe pushed out a new version of the maligned Flash Player that addressed 79 CVEs. None of the patched vulner

Experts believe that the success tied to a recent spate of DDoS-for-hire groups may be because many are copycat collectives operating with a shorter lifespan.Researchers with Recorded Future, a Massachusetts-based firm that tracks real time threat intelligence, said Monday that they’ve noticed an increase in would-be hackers asking for guidance on foru

A new analysis of the Sofacy APT gang, a Russian-speaking group carrying out targeted attacks against military and government offices for close to a decade, shows a relentless wave of intrusions peaking this summer against victims in a number of NATO countries and the Ukraine.Researchers at Kaspersky Lab this morning released their update on Sofacy, which is

The OpenSSL Software Foundation patched four vulnerabilities in the cryptographic software library on Thursday, likely marking the last time that two older versions of the library will receive updates.The group announced back in December 2014 that it would cease support for two of OpenSSL branches, 1.0.0 and 0.9.8 at the end of the 2015. Yesterday, in a secu

The Let’s Encrypt initiative reached yet another milestone this week when it entered public beta, something it claims should help make it easier for website owners to embrace HTTPS encryption.The latest step comes on the heels of the movement issuing its first certificate back in September and becoming an official Certificate Authority in October.Now,

If there’s unanimity among security professionals in anything, it’s in their loathing of Adobe’s Flash Player. There’s yet to be an APT or exploit kit that hasn’t welcomed vulnerabilities in the development platform with open arms. And for all that misery tallied up in lost intellectual property and industrial secrets, and stole

Google announced this week it will end Chrome support for older, 32-bit Linux distributions early next year and will maintain the browser on more popular distributions of the software.Specifically Google plans to stop pushing updates and security fixes to those running Chrome on 32-bit Linux, Ubuntu Precise 12.04, and Debian 7. Most computers manufactured in

Twice in the past year, security researchers have found and reported critical vulnerabilities in Modbus gateways built by Advantech that are used to connect serial devices in industrial control environments to IP networks.Most recently, independent security researcher Neil Smith found hard-coded SSH keys in the Advantech EKI series of devices, while a year a

Cisco has been busy the last two days pushing out a patch and security advisories for a number of its products, including a fix for a remotely exploitable vulnerability in its WebEx Meetings mobile application for Android.Cisco said the vulnerability affects versions prior to 8.5.1 of the app, and that it is not aware of public exploits. “A vulnerabi

An APT gang linked to China and alleged to be responsible for targeted attacks against foreign governments and ministries, has now pointed its focus inward at China’s autonomous territory Hong Kong.An August attack against several media companies in Hong Kong was carried out shortly after a high-profile controversy over an appointment at the prestigiou

Researchers have found that thousands of Internet gateways, routers, modems and other embedded devices share cryptographic keys and certificates, exposing millions of connections to man-in-the-middle attacks that open the door to more extensive intrusions that jeopardize encrypted data.This type of certificate reuse and sharing of SSH keys is apparently all

In short order, the newest version of Cryptowall has begun showing up in exploit kits.The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspace security engineer Brad Duncan said that until recently, Cryp

Developers at LinkedIn fixed a persistent cross site scripting vulnerability in the social network this week that could have been exploited to spread a worm on the service’s help forums.It was a very a quick turnaround for the company according to the researcher, who said LinkedIn fixed the issue a mere three hours after he reported it.According to Roh